--- title: "Tab View Expanded Section" slug: "tab-view-expanded-section" updated: 2025-11-14T17:24:05Z published: 2025-11-14T17:24:05Z canonical: "help.silentpush.com/tab-view-expanded-section" --- > ## Documentation Index > Fetch the complete documentation index at: https://help.silentpush.com/llms.txt > Use this file to discover all available pages before exploring further. # Tab View Expanded Section The **Expanded** section, accessible via the tabs below the **Highlights** panel, leverages our domain and IP enrichment categories to deliver pivotable, granular data for advanced threat investigations. In the Total View, tabs dynamically adapt based on the selected entity (domain or IP), with explicit distinctions between features available for domains (e.g., quasar.com) and IPs (e.g., associated IPv4 addresses). This approach highlights key differences: domains emphasize DNS records, WHOIS History, and subdomain risks, while IPs focus on network infrastructure, scan data, and reputation metrics. Common tabs (e.g., Threat Feeds, Screenshots) are shared but include tailored enrichments for each. Where applicable, tabs include **Domain Enrichment Tables** (for domain-specific pivots, such as DNS records) and **IPv4 Enrichment Tables** (for IP-specific details, including ASNs and subnets). All users can access core features; paid users unlock advanced elements, such as detailed threat feed histories and context similarity scores. ![](https://cdn.document360.io/8e5460b3-9d96-4b01-8bb3-6591a4af3a8c/Images/Documentation/Screenshot 2025-11-14 at 10.51.49 AM.png) ## Tab View Breakdown: Domains vs. IPs In the Total View, tabs dynamically adapt based on the selected entity (domain or IP). Below is a side-by-side comparison of available tabs, followed by detailed breakdowns. Use the "Domain Wide View" toggle to include subdomains or related IPs for broader analysis. | Tab Category | Available for Domains | Available for IPs | Key Differences | | --- | --- | --- | --- | | **PADNS** | (Full DNS enumeration) | (IP-linked records only) | Domains show complete record types (A, AAAA, etc.); IPs pivot on resolved addresses. | | **Infrastructure Variance** | (NS-focused changes) | (ASN/subnet-focused) | Domains track nameserver entropy; IPs emphasize IP diversity over time. | | **Web Search** | (Domain scans + pivots) | (IP-specific scans) | Both include certificates/JARM; domains add HTML/title analysis. | | **WHOIS** | (Full domain registration) | (N/A) | Exclusive to domains for legitimacy checks. | | **Threat Feeds** | (Curated + live feeds) | (IP reputation feeds) | Shared, but IPs include subnet-level listings. | | **Screenshots** | (HTML/favicon visuals) | (IP-hosted page captures) | Visual confirmation for both; domains tie to subdomain views. | | **Context Similarity** | (Brand/typosquat scoring) | (N/A) | Domain-only for lookalike detection. | | **Dangling DNS** | (Takeover risk assessment) | (N/A) | Domain-only, leveraging all DNS records. | | **Subdomains** | (Risk scoring + enumeration) | (N/A) | Domain-only for monitoring child domains. | | **Certificates** | (Issuer/domain pivots) | (IP-bound certs) | Shared, but domains include multi-domain associations. | ### PADNS (DNS Infrastructure Analysis) Detect unauthorized changes and pivot on resolved IPs. Available for both domains and IPs. #### Domain Enrichment Table | Category | Elements | Description | | --- | --- | --- | | DNS Records | A, AAAA, CNAME, NS, MX, SOA, TXT | Count of linked records; total displayed with pivot options. | #### IPv4 Enrichment Table (IPs only) | Category | Elements | Description | | --- | --- | --- | | Recent DNS Records | Record type, Timestamp, Pivot IP | List of changes: includes total count. | ### Infrastructure Variance Tracks changes over 30+ days. Available for both, with entity-specific metrics. #### Domain Enrichment Table | Category | Elements | Description | | --- | --- | --- | | IP Diversity | Host, ASN Diversity, IP Diversity (All/Groups) | IPs pointed to historically. | | Nameserver Changes | NS Entropy, Number of Changes, Last Change | Frequency and recency of NS updates. | | Nameserver Information | NS Reputation, Nameserver, NS Domain Density, NS Domain Listed | Reputation and usage analysis. | #### IPv4 Enrichment Table | Category | Elements | Description | | --- | --- | --- | | ASN Information | ASN, AS Name, AS Rank, ASN Takedown Reputation, Allocation Age/Date, ASN Reputation | Network provider details. | | Subnet Information | Subnet, Subnet Reputation, Allocation Age/Date | Subnet-level reputation. | ### Web Search Pulls scan data for SSL pivots and content analysis. Available for both. #### Domain Enrichment Table | Category | Elements | Description | | --- | --- | --- | | Certificates | IP, Domains, SHA1, Valid From/Until, Issuer CN/Org, Scan Date | Associated certs for impersonation checks. | | JARM | JARM Hash, Scan Date | TLS fingerprinting. | | Favicon | MD5/Murmur3 Hashes, Path, Scan Date | Icon similarity for branding. | | HTML | Body ssdeep/Murmur3, Title, Scan Date | Content hashing. | | Header | Response, Server, Expires, Content Length/Type, Cache Control, IP/Location, Scan Date | HTTP details. | **IPv4 Enrichment Table**: Mirrors the domain table but pivots on IP-hosted assets. ### WHOIS Historical registration data. **Domains only**. #### Domain Enrichment Table | Category | Elements | Description | | --- | --- | --- | | Whois Information | Created Date, Country/City, Address, Email, Zip, Registrar | Full registrant profile. | ### Threat Feeds Curated and live feeds for triage. Available for both. #### Domain/IP Enrichment Table (Shared structure) | Category | Elements | Description | | --- | --- | --- | | Curated Feed History | Score, First Seen, Listed Recent/Span/All | Timestamps and severity. | | Live Threat Feeds | Feed List | Current listings (e.g., Cobalt Strike tags). | ### Screenshots HTML and favicon captures. Available for both. Renders page visuals tied to scan dates; pivots to Web Search for context. ### Context Similarity **Domains only**. Compares against org assets. #### Domain Enrichment Table | Category | Elements | Description | | --- | --- | --- | | Custom Attributes | Customer/Top Brand/Supplier Domain Scores | Similarity thresholds. | ### Dangling DNS **Domains only**. Assesses expired records. Counts dangling entries; paid users get full details. ### Subdomains **Domains only**. Enumerates and scores children. #### Domain Enrichment Table | Category | Elements | Description | | --- | --- | --- | | Basic Information | User Tags, Infratag, First/Last Seen, Age, DGA Score | Overview with DGA detection. | ### Certificates Issuer and validity checks. Available for both. Mirrors Web Search cert table; flags expired/rogue issuers. A feature that tracks historical changes in a domain’s WHOIS records, such as ownership, registrar, or nameserver updates, to identify patterns of malicious behavior or infrastructure reuse. Unresolved or misconfigured DNS records that can be exploited by attackers to redirect traffic or host malicious content. A metric indicating how frequently the IP addresses hosting a domain switch between different Autonomous System Numbers (ASNs) over the past 30 days, often used to detect suspicious domain behavior. A query type that tracks modifications to a domain’s nameservers, detecting potential malicious domain hopping or infrastructure shifts through historical and live data analysis. The total count of nameserver changes for a domain, used to detect patterns of instability or suspicious infrastructure modifications. The most recent timestamp when a domain’s nameserver configuration was modified, used to track changes in domain infrastructure. A metric measuring the number of unique domains associated with a network element (e.g., IP, ASN, nameserver, or MX server), used to detect concentrated malicious activity or infrastructure patterns. The descriptive name assigned to an Autonomous System (AS), a collection of IP routing prefixes under the control of one or more network operators, used to identify the network in routing operations. A measure of an Autonomous System’s trustworthiness, calculated as the ratio of blacklisted IP addresses to the total active IPs within the ASN over the past 30 days, indicating potential risk levels. A unique fingerprint generated by the JARM tool based on a server’s TLS configuration, used in IPv4 queries to identify malicious or insecure servers across different IPs or domains. The date when a domain was first observed in DNS zone files, providing insight into its age and potential trustworthiness in threat intelligence analysis. The most recent date when a domain or IP was identified on at least one curated threat intelligence feed, highlighting its current threat status. User-defined parameters in a threat intelligence platform that allow scoring of observables based on specific criteria, such as similarity to a domain, association with supply chain domains, or resemblance to top brand domains, for tailored threat assessment. A custom text string generated by Silent Push, combining a domain’s MX record, nameserver, AS name, and registrar, is used to identify similar threat infrastructure patterns.